You can scan container images for known vulnerabilities and view the results of a system cluster scan or a manual scan in the Carbon Black Cloud console.

Note:

Container images are scanned under the following circumstances:

Cluster image scanning provides the following benefits:
  • Visibility for the container images in your environment.
  • Information for found vulnerabilities and available fixes.
  • Capability to create exceptions at image level from inside the image scan report.
  • Kubernetes policies prevent container images that have substantial vulnerabilities from progressing through the CI/CD pipeline. See Kubernetes Policies.
  • File reputation scanning of all deployed images and malware detection. See Detect Malware in a Container Image.

    To have the latest information on file reputations, you must refresh the file reputation data that comes in from third-party feed providers, and you must consistently rescan your clusters for newly deployed images.